Tor SSL (.Onion Certificate) from DigiCert

Friday, January 8, 2016

Are you looking to secure and authenticate a .onion site – Tor SSL certificate?

Tor Background

In its most unique form, Tor uses and recognizes .onion domains in addition to standard .com domains, used to conceal one’s identity, location and browsing behaviours on the internet. Tor is designed to better improve privacy online and is a tool used to access the world beyond Google, Yahoo and Bing. A web invisible world without indexing and search findings known as The Deep Web, said to be 500 times larger than the surface web.

.Onion sites are widely used for database storage and activity by government agencies, education institutes and private companies but with most things, there are always two sides to a coin. .Onion sites are also used for illegal criminal activities such as the sale of contraband and counterfeit items, making the deep web highly sophisticated and to a certain extent, untrustworthy.

How DigiCert SSL Certificates Can Improve Trust

As the deep web is largely secluded, it is hard for users to know if they are on the right .onion site. Using a publicly-trusted SSL certificate will make identification process easier for your users as they can be sure of the site they visit, making them feel confident and safe accessing clean .onion addresses and portals.

Previously, .onion sites were recognized as internal domain names and according to IESG, the use of publicly-trusted SSL certificates were not allowed. That has changed since September 2015 and now, .onion domains have been approved by IESF in a move towards preventing phishing and man in the middle (MITM) attacks in the deep web proposed by DigiCert.

DigiCert is also the first Certificate Authority (CA) to sell SSL certificates for .onion sites.

Types of Certificates for .Onion Sites

Adhering to the CA/B Forum guidelines, DigiCert restricts its certificates issuance to the following conditions to ensure that its certificates are regulated and trusted.

EV Certificates: Only Extended Validation (EV) Certificates can be issued for .onion addresses in which there has to be an entity backing the site requesting for the certificate.

Wildcard Certificates: A special use-case for .onion EV certificates is available for wildcard that allows encryption on *.domain.onion sites

Validation Period: .Onion certificates is only valid for a maximum of 15 months and any period longer will be re-adjusted to 15 months validity period.

How to Ordera .Onion Certificate

If you are comfortable with the conditions in getting an SSL certificate for a .onion address, you can get an SSL certificate from Cyber Secure Asia, partner of DigiCert and can be contacted for more information.